On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures

  • Ivan B. Damgård
  • Torben P. Pedersen
  • Birgit Pfitzmann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 773)


We show that the existence of a statistically hiding bit commitment scheme with non-interactive opening and public verification implies the existence of fail-stop signatures. Therefore such signatures can now be based on any one-way permutation — the weakest assumption known to be sufficient for fail-stop signatures. We also show that genuinely practical fail-stop signatures follow from the existence of any collision-intractable hash function. A similar idea is used to improve a commitment scheme of Naor and Yung, so that one can commit to several bits with amortized O(1) bits of communication per bit committed to.

Conversely, we show that any fail-stop signature scheme with a property we call the almost unique secret key property can be transformed into a statistically hiding bit commitment scheme. All previously known fail-stop signature schemes have this property. We even obtain an equivalence since we can modify the construction of fail-stop signatures from bit commitments such that it has this property.


Hash Function Signature Scheme Security Property Security Parameter Commitment Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    C. H. Bennett, G. Brassard, C. Crépeau, U. Maurer: Privacy Amplification Against Probabilistic Information. In preparation.Google Scholar
  2. 2.
    C. H. Bennett, G. Brassard, J.-M. Robert: Privacy Amplification by Public Discussion. SIAM Journal on Computing, vol 17, no. 2, 1988, pp. 210–229.CrossRefMathSciNetGoogle Scholar
  3. 3.
    J. L. Carter, M. N. Wegman: Universal Classes of Hash Functions. Journal of Computer and System Sciences 18, 1979, pp. 143–154.CrossRefzbMATHMathSciNetGoogle Scholar
  4. 4.
    I. B. Damgård: A Design Principle for Hash Functions. Proceedings of Crypto’89, LNCS 435, pp. 416–427, 1990.Google Scholar
  5. 5.
    E. van Heyst, T. P. Pedersen: How to Make Efficient Fail-Stop Signatures. Presented at Eurocrypt’92, Balatonfüred, Hungary, 1992.Google Scholar
  6. 6.
    E. van Heyst, T. P. Pedersen, B. Pfitzmann: New Constructions of Fail-Stop Signatures and Lower Bounds. Presented at Crypto’92, Santa Barbara, 1992.Google Scholar
  7. 7.
    R. Rivest: The MD4 message-digest algorithm, Proc. of Crypto 90.Google Scholar
  8. 8.
    R. C. Merkle: Protocols for Public Key Cryptosystems. In: Secure Communications and Asymmetric Cryptosystems, AAAS Selected Symposium 69, G. J. Simmons (ed.); Westview Press, Boulder 1982, pp. 73–104.Google Scholar
  9. 9.
    R. C. Merkle: A digital signature based on a conventional encryption function. Proceedings of Crypto’87, LNCS 293, Springer-Verlag, Berlin 1988, pp. 369–378.Google Scholar
  10. 10.
    M. Naor, M. Yung: Universal One-Way Hash Functions and their Cryptographic Applications. Proceedings of 21st STOC, pp. 33–43, 1989.Google Scholar
  11. 11.
    M. Naor, R. Ostrovsky, R. Venkatesan, M. Yung: Perfect Zero-Knowledge Arguments for NP Can Be Based on General Complexity Assumptions. Presented at Crypto’92, Santa Barbara, 1992.Google Scholar
  12. 12.
    T. P. Pedersen, B. Pfitzmann: Fail-Stop Signatures. Manuscript, February 1993.Google Scholar
  13. 13.
    B. Pfitzmann, M. Waidner: Formal Aspects of Fail-Stop Signatures. Internal report 22/90, Fakultät für Informatik, Universität Karlsruhe.Google Scholar
  14. 14.
    B. Pfitzmann, M. Waidner: Fail-Stop Signatures and their Application. Securicom 91, Paris, pp. 145–160.Google Scholar
  15. 15.
    Specifications for a Secure Hash Standard, Federal Information Processing Standards Publication YY, 1992.Google Scholar
  16. 16.
    M. Waidner, B. Pfitzmann: The Dining Cryptographers in the Disco: Unconditional Sender and Recipient Untraceability with Computationally Secure Serviceability. Proceedings of Eurocrypt’89, LNCS 434, page 690, 1990.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Ivan B. Damgård
    • 1
  • Torben P. Pedersen
    • 1
  • Birgit Pfitzmann
    • 2
  1. 1.Matematisk InstitutAahus UniversityAarhus CDenmark
  2. 2.Institut für InformatikUniversität HildesheimHildesheimGermany

Personalised recommendations